|
 |
90f448 |
diff --git a/libqpdf/QPDF.cc b/libqpdf/QPDF.cc
|
|
|
90f448 |
index 3eeea86..2a6923c 100644
|
|
|
90f448 |
--- a/libqpdf/QPDF.cc
|
|
|
90f448 |
+++ b/libqpdf/QPDF.cc
|
|
|
b4caf3 |
@@ -11,6 +11,10 @@
|
|
|
b4caf3 |
#include <string.h>
|
|
|
b4caf3 |
#include <memory.h>
|
|
|
b4caf3 |
|
|
|
90f448 |
+#ifdef USE_CRYPTO_GNUTLS
|
|
|
b4caf3 |
+# include <gnutls/crypto.h>
|
|
|
b4caf3 |
+#endif
|
|
|
b4caf3 |
+
|
|
|
b4caf3 |
#include <qpdf/QTC.hh>
|
|
|
b4caf3 |
#include <qpdf/QUtil.hh>
|
|
|
b4caf3 |
#include <qpdf/Pipeline.hh>
|
|
|
90f448 |
@@ -262,7 +266,13 @@ QPDF::processFile(char const* filename, char const* password)
|
|
|
b4caf3 |
{
|
|
|
b4caf3 |
FileInputSource* fi = new FileInputSource();
|
|
|
b4caf3 |
fi->setFilename(filename);
|
|
|
90f448 |
+#ifdef USE_CRYPTO_GNUTLS
|
|
|
b4caf3 |
+ GNUTLS_FIPS140_SET_LAX_MODE();
|
|
|
b4caf3 |
+#endif
|
|
|
b4caf3 |
processInputSource(fi, password);
|
|
|
90f448 |
+#ifdef USE_CRYPTO_GNUTLS
|
|
|
b4caf3 |
+ GNUTLS_FIPS140_SET_STRICT_MODE();
|
|
|
b4caf3 |
+#endif
|
|
|
b4caf3 |
}
|
|
|
b4caf3 |
|
|
|
b4caf3 |
void
|
|
|
90f448 |
@@ -271,7 +281,13 @@ QPDF::processFile(char const* description, FILE* filep,
|
|
|
b4caf3 |
{
|
|
|
b4caf3 |
FileInputSource* fi = new FileInputSource();
|
|
|
b4caf3 |
fi->setFile(description, filep, close_file);
|
|
|
90f448 |
+#ifdef USE_CRYPTO_GNUTLS
|
|
|
b4caf3 |
+ GNUTLS_FIPS140_SET_LAX_MODE();
|
|
|
b4caf3 |
+#endif
|
|
|
b4caf3 |
processInputSource(fi, password);
|
|
|
90f448 |
+#ifdef USE_CRYPTO_GNUTLS
|
|
|
b4caf3 |
+ GNUTLS_FIPS140_SET_STRICT_MODE();
|
|
|
b4caf3 |
+#endif
|
|
|
b4caf3 |
}
|
|
|
b4caf3 |
|
|
|
b4caf3 |
void
|
|
|
90f448 |
diff --git a/libqpdf/QPDFWriter.cc b/libqpdf/QPDFWriter.cc
|
|
|
90f448 |
index 689fef7..57df1eb 100644
|
|
|
90f448 |
--- a/libqpdf/QPDFWriter.cc
|
|
|
90f448 |
+++ b/libqpdf/QPDFWriter.cc
|
|
|
90f448 |
@@ -24,6 +24,10 @@
|
|
|
90f448 |
#include <algorithm>
|
|
|
90f448 |
#include <stdlib.h>
|
|
|
90f448 |
|
|
|
90f448 |
+#ifdef USE_CRYPTO_GNUTLS
|
|
|
90f448 |
+#include <gnutls/crypto.h>
|
|
|
90f448 |
+#endif
|
|
|
90f448 |
+
|
|
|
90f448 |
QPDFWriter::Members::Members(QPDF& pdf) :
|
|
|
90f448 |
pdf(pdf),
|
|
|
90f448 |
filename("unspecified"),
|
|
|
90f448 |
@@ -321,6 +325,13 @@ void
|
|
|
90f448 |
QPDFWriter::setDeterministicID(bool val)
|
|
|
90f448 |
{
|
|
|
90f448 |
this->m->deterministic_id = val;
|
|
|
90f448 |
+
|
|
|
90f448 |
+#ifdef USE_CRYPTO_GNUTLS
|
|
|
90f448 |
+ if (val)
|
|
|
90f448 |
+ GNUTLS_FIPS140_SET_LAX_MODE();
|
|
|
90f448 |
+ else
|
|
|
90f448 |
+ GNUTLS_FIPS140_SET_STRICT_MODE();
|
|
|
90f448 |
+#endif
|
|
|
90f448 |
}
|
|
|
90f448 |
|
|
|
90f448 |
void
|
|
|
90f448 |
@@ -342,6 +353,13 @@ void
|
|
|
90f448 |
QPDFWriter::setPreserveEncryption(bool val)
|
|
|
90f448 |
{
|
|
|
90f448 |
this->m->preserve_encryption = val;
|
|
|
90f448 |
+
|
|
|
90f448 |
+#ifdef USE_CRYPTO_GNUTLS
|
|
|
90f448 |
+ if (val)
|
|
|
90f448 |
+ GNUTLS_FIPS140_SET_STRICT_MODE();
|
|
|
90f448 |
+ else
|
|
|
90f448 |
+ GNUTLS_FIPS140_SET_LAX_MODE();
|
|
|
90f448 |
+#endif
|
|
|
90f448 |
}
|
|
|
90f448 |
|
|
|
90f448 |
void
|
|
|
90f448 |
@@ -2301,12 +2319,23 @@ QPDFWriter::generateID()
|
|
|
90f448 |
}
|
|
|
90f448 |
}
|
|
|
90f448 |
|
|
|
90f448 |
+#ifdef USE_CRYPTO_GNUTLS
|
|
|
90f448 |
+ unsigned oldmode = gnutls_fips140_mode_enabled();
|
|
|
90f448 |
+
|
|
|
90f448 |
+ gnutls_fips140_set_mode(GNUTLS_FIPS140_LAX, GNUTLS_FIPS140_SET_MODE_THREAD);
|
|
|
90f448 |
+#endif
|
|
|
90f448 |
+
|
|
|
90f448 |
MD5 m;
|
|
|
90f448 |
m.encodeString(seed.c_str());
|
|
|
90f448 |
MD5::Digest digest;
|
|
|
90f448 |
m.digest(digest);
|
|
|
90f448 |
result = std::string(reinterpret_cast<char*>(digest),
|
|
|
90f448 |
sizeof(MD5::Digest));
|
|
|
90f448 |
+
|
|
|
90f448 |
+#ifdef USE_CRYPTO_GNUTLS
|
|
|
90f448 |
+ gnutls_fips140_set_mode(static_cast<gnutls_fips_mode_t>(oldmode), GNUTLS_FIPS140_SET_MODE_THREAD);
|
|
|
90f448 |
+#endif
|
|
|
90f448 |
+
|
|
|
90f448 |
}
|
|
|
90f448 |
|
|
|
90f448 |
// If /ID already exists, follow the spec: use the original first
|
|
|
90f448 |
diff --git a/libqpdf/QPDF_encryption.cc b/libqpdf/QPDF_encryption.cc
|
|
|
90f448 |
index 2ff48df..ce6fb31 100644
|
|
|
90f448 |
--- a/libqpdf/QPDF_encryption.cc
|
|
|
90f448 |
+++ b/libqpdf/QPDF_encryption.cc
|
|
|
b4caf3 |
@@ -1,6 +1,8 @@
|
|
|
b4caf3 |
// This file implements methods from the QPDF class that involve
|
|
|
b4caf3 |
// encryption.
|
|
|
b4caf3 |
|
|
|
b4caf3 |
+#include <qpdf/qpdf-config.h>
|
|
|
b4caf3 |
+
|
|
|
b4caf3 |
#include <qpdf/QPDF.hh>
|
|
|
b4caf3 |
|
|
|
b4caf3 |
#include <qpdf/QPDFExc.hh>
|
|
|
b4caf3 |
@@ -18,6 +20,10 @@
|
|
|
b4caf3 |
#include <assert.h>
|
|
|
b4caf3 |
#include <string.h>
|
|
|
b4caf3 |
|
|
|
90f448 |
+#ifdef USE_CRYPTO_GNUTLS
|
|
|
b4caf3 |
+# include <gnutls/crypto.h>
|
|
|
b4caf3 |
+#endif
|
|
|
b4caf3 |
+
|
|
|
b4caf3 |
static unsigned char const padding_string[] = {
|
|
|
b4caf3 |
0x28, 0xbf, 0x4e, 0x5e, 0x4e, 0x75, 0x8a, 0x41,
|
|
|
b4caf3 |
0x64, 0x00, 0x4e, 0x56, 0xff, 0xfa, 0x01, 0x08,
|
|
|
90f448 |
@@ -380,10 +386,21 @@ QPDF::compute_data_key(std::string const& encryption_key,
|
|
|
90f448 |
result += "sAlT";
|
|
|
90f448 |
}
|
|
|
90f448 |
|
|
|
90f448 |
+#ifdef USE_CRYPTO_GNUTLS
|
|
|
90f448 |
+ unsigned oldmode = gnutls_fips140_mode_enabled();
|
|
|
90f448 |
+
|
|
|
90f448 |
+ gnutls_fips140_set_mode(GNUTLS_FIPS140_LAX, GNUTLS_FIPS140_SET_MODE_THREAD);
|
|
|
90f448 |
+#endif
|
|
|
90f448 |
+
|
|
|
90f448 |
MD5 md5;
|
|
|
90f448 |
md5.encodeDataIncrementally(result.c_str(), result.length());
|
|
|
90f448 |
MD5::Digest digest;
|
|
|
90f448 |
md5.digest(digest);
|
|
|
90f448 |
+
|
|
|
90f448 |
+#ifdef USE_CRYPTO_GNUTLS
|
|
|
90f448 |
+ gnutls_fips140_set_mode(static_cast<gnutls_fips_mode_t>(oldmode), GNUTLS_FIPS140_SET_MODE_THREAD);
|
|
|
90f448 |
+#endif
|
|
|
90f448 |
+
|
|
|
90f448 |
return std::string(reinterpret_cast<char*>(digest),
|
|
|
90f448 |
std::min(result.length(), toS(16)));
|
|
|
90f448 |
}
|
|
|
90f448 |
@@ -1150,6 +1167,12 @@ QPDF::getKeyForObject(
|
|
|
b4caf3 |
void
|
|
|
b4caf3 |
QPDF::decryptString(std::string& str, int objid, int generation)
|
|
|
b4caf3 |
{
|
|
|
90f448 |
+#ifdef USE_CRYPTO_GNUTLS
|
|
|
b4caf3 |
+ unsigned oldmode = gnutls_fips140_mode_enabled();
|
|
|
b4caf3 |
+
|
|
|
b4caf3 |
+ gnutls_fips140_set_mode(GNUTLS_FIPS140_LAX, GNUTLS_FIPS140_SET_MODE_THREAD);
|
|
|
b4caf3 |
+#endif
|
|
|
b4caf3 |
+
|
|
|
b4caf3 |
if (objid == 0)
|
|
|
b4caf3 |
{
|
|
|
b4caf3 |
return;
|
|
|
90f448 |
@@ -1230,6 +1253,10 @@ QPDF::decryptString(std::string& str, int objid, int generation)
|
|
|
b4caf3 |
QUtil::int_to_string(objid) + " " +
|
|
|
b4caf3 |
QUtil::int_to_string(generation) + ": " + e.what());
|
|
|
b4caf3 |
}
|
|
|
b4caf3 |
+
|
|
|
90f448 |
+#ifdef USE_CRYPTO_GNUTLS
|
|
|
b4caf3 |
+ gnutls_fips140_set_mode(static_cast<gnutls_fips_mode_t>(oldmode), GNUTLS_FIPS140_SET_MODE_THREAD);
|
|
|
b4caf3 |
+#endif
|
|
|
b4caf3 |
}
|
|
|
b4caf3 |
|
|
|
b4caf3 |
void
|
|
|
90f448 |
@@ -1240,6 +1267,12 @@ QPDF::decryptStream(PointerHolder<EncryptionParameters> encp,
|
|
|
b4caf3 |
QPDFObjectHandle& stream_dict,
|
|
|
b4caf3 |
std::vector<PointerHolder<Pipeline> >& heap)
|
|
|
b4caf3 |
{
|
|
|
90f448 |
+#ifdef USE_CRYPTO_GNUTLS
|
|
|
b4caf3 |
+ unsigned oldmode = gnutls_fips140_mode_enabled();
|
|
|
b4caf3 |
+
|
|
|
b4caf3 |
+ gnutls_fips140_set_mode(GNUTLS_FIPS140_LAX, GNUTLS_FIPS140_SET_MODE_THREAD);
|
|
|
b4caf3 |
+#endif
|
|
|
b4caf3 |
+
|
|
|
b4caf3 |
std::string type;
|
|
|
b4caf3 |
if (stream_dict.getKey("/Type").isName())
|
|
|
b4caf3 |
{
|
|
|
90f448 |
@@ -1361,6 +1394,10 @@ QPDF::decryptStream(PointerHolder<EncryptionParameters> encp,
|
|
|
b4caf3 |
toI(key.length()));
|
|
|
b4caf3 |
}
|
|
|
b4caf3 |
heap.push_back(pipeline);
|
|
|
b4caf3 |
+
|
|
|
90f448 |
+#ifdef USE_CRYPTO_GNUTLS
|
|
|
b4caf3 |
+ gnutls_fips140_set_mode(static_cast<gnutls_fips_mode_t>(oldmode), GNUTLS_FIPS140_SET_MODE_THREAD);
|
|
|
b4caf3 |
+#endif
|
|
|
b4caf3 |
}
|
|
|
b4caf3 |
|
|
|
b4caf3 |
void
|